
Cyber Threats by Nation-States Surge Beyond Control

 


In recent years, state-sponsored hacker groups have stepped up their attacks on critical infrastructure, causing concern across the globe. It has become increasingly evident that these coordinated and sophisticated campaigns pose serious risks to national security and public safety. 

Protecting crucial systems such as power grids, healthcare systems, and water treatment plants against disruption or manipulation requires strong cybersecurity measures. Currently, two-thirds of all cyberattacks attributed to a state-backed actor originate abroad, which lends credence to warnings from the US Department of Homeland Security that enterprises and public services alike face significant threats. 

Netskope, a security firm that researches state-sponsored attacks, has reported a marked increase in such attacks in recent years and warns that the trend shows no sign of waning. Cyberattacks waged by nation-state actors now constitute one of the largest forms of quiet warfare on the planet, according to Netskope CEO Sanjay Beri. Understanding this worldwide escalation requires looking beneath the surface of the conflict, where different states employ widely disparate attack strategies. 

In response to this threat landscape, the U.S. administration has made a national unity of effort a priority in keeping critical infrastructure secure, accessible, and reliable. Addressing these threats effectively will require international cooperation, strict regulation, and investment in advanced cybersecurity technologies. 

It is also imperative to raise public awareness of cyber threats and to improve cyber hygiene practices, so as to minimise the risk that state-sponsored attacks on critical infrastructure pose to the public. Separately, the European Union Agency for Cybersecurity (ENISA) released an executive summary of 'Foresight Cybersecurity Threats for 2030', which highlights ten of the most dangerous emerging threats for the next decade. 

The study reviews previously identified threats and trends and offers insight into the morphing cybersecurity landscape. By addressing issues such as supply chain compromises, skill shortages, digital surveillance, and machine learning abuse, it contributes to the development of robust cybersecurity frameworks and best practices for combating emerging threats by 2030. 

As part of its annual cyber security reporting, the United Kingdom's National Cyber Security Centre (NCSC) has released a report examining the possible impact of artificial intelligence (AI) on the global ransomware threat, which has been rising for some time. The NCSC report indicates that the frequency and severity of cyberattacks may be exacerbated as AI continues to gain importance, and advises individuals and organisations to strengthen their cybersecurity measures proactively. 

The report also discusses how AI will affect cyber operations in general, and social engineering and malware in particular, underlining the importance of remaining vigilant as these threats evolve. Earlier this summer, the NCSC, together with US and South Korean authorities, issued an alert about a North Korea-linked threat group known as Andariel, which allegedly breached organisations worldwide to steal sensitive and classified technology and intellectual property. 

Although it predominantly targeted defence, aerospace, nuclear, and engineering companies, the group also hit smaller organisations in the medical, energy, and knowledge sectors, stealing contract specifications, design drawings, and project details. 

In March 2024, the United Kingdom took a firm stance against Chinese state-sponsored cyber activities targeting parliamentarians and the Electoral Commission, making it clear that such intrusions would not be tolerated. This came after a significant breach linked to Chinese state-affiliated hackers, prompting the UK government to summon the Chinese Ambassador and impose sanctions on a front company and two individuals associated with the APT31 hacking group. This decisive response highlighted the nation's commitment to countering state-sponsored cyber threats. 

The previous year saw similar tensions, as Russian-backed cyber threat actors faced increased scrutiny following a National Cyber Security Centre (NCSC) disclosure. The NCSC had exposed a campaign led by Russian intelligence services aimed at interfering with the UK's political landscape and democratic institutions. These incidents underscore a troubling trend: state-affiliated actors increasingly exploit the tools and expertise of cybercriminals to achieve their objectives. 

Over the past year, this collaboration between nation-state actors and cybercriminal entities has become more pronounced. Microsoft's observations reveal a growing pattern where state-sponsored groups not only pursue financial gain but also enlist cybercriminals to support intelligence collection, particularly concerning the Ukrainian military. These actors have adopted the same malware, command and control frameworks, and other tools commonly used by the wider cybercriminal community. Specific examples illustrate this evolution. 

Russian threat actors, for instance, have outsourced some aspects of their cyber espionage operations to criminal groups, especially in Ukraine. In June 2024, a suspected cybercrime group utilized commodity malware to compromise more than 50 Ukrainian military devices, reflecting a strategic shift toward outsourcing to achieve tactical advantages. Similarly, Iranian state-sponsored actors have turned to ransomware as part of their cyber-influence operations. In one notable case, they marketed stolen data from an Israeli dating website, offering to remove individual profiles from their database for a fee—blending ransomware tactics with influence operations. 

Meanwhile, North Korean cyber actors have also expanded into ransomware, developing a custom variant known as "FakePenny." This ransomware targeted organizations in the aerospace and defence sectors, employing a strategy that combined data exfiltration with subsequent ransom demands, thus aiming at both intelligence gathering and financial gain. The sheer scale of the cyber threat landscape is daunting, with Microsoft reporting over 600 million attacks daily on its customers alone. 

Addressing this challenge requires comprehensive countermeasures that reduce the frequency and impact of these intrusions. Effective deterrence involves two key strategies: preventing unauthorized access and imposing meaningful consequences for malicious behaviour. Microsoft's Secure Future Initiative represents a commitment to strengthening defences and safeguarding its customers from cyber threats. 

However, while the private sector plays a crucial role in thwarting attackers through enhanced cybersecurity, government action is also essential. Imposing consequences on malicious actors is vital to curbing the most damaging cyberattacks and deterring future threats. Despite substantial discussions in recent years about establishing international norms for cyberspace conduct, current frameworks lack enforcement mechanisms, and nation-state cyberattacks have continued to escalate in both scale and sophistication. 

To change this dynamic, a united effort from both the public and private sectors is necessary. Only through a combination of robust defence measures and stringent deterrence policies can the balance shift to favour defenders, creating a more secure and resilient digital environment.

Data Breach: Georgia Voter Information Accidentally Displayed Online

 


Georgia's new web portal, which lets residents cancel their voter registration, has come under fire after a technical problem briefly displayed personal data on users' screens. Secretary of State Brad Raffensperger announced on Monday the launch of the website, which is intended to let Georgians quickly cancel their registration if they move out of state, and to let relatives cancel the registration of a loved one who has died. 

During the cancellation process, users are asked to enter the first letter of their last name, their county of residence, and their date of birth. They are then asked for the reason for the cancellation and whether they hold a driver's license; if the answer is yes, they are prompted to enter the license number. 

If they do not have a license, they may be asked for their Social Security number instead, or to complete a form that must be mailed or emailed to their county registration office. The problem, which Raffensperger spokesman Mike Hassinger said lasted less than an hour and has since been resolved, heightened Democratic concerns that the site could be used by outsiders to cancel voter registrations without the voter's permission. 

The portal is the latest skirmish in a long-running dispute between Georgia Democrats and Republicans over how aggressively states should purge invalid names from their registration rolls, a dispute that has gained new urgency because of an extensive national effort coordinated by Trump allies to remove names from voter rolls. Activists inflamed by false allegations that the 2020 election was stolen argue that the state's existing clean-up efforts are inadequate and that inaccuracies invite fraud. In Georgia, as throughout the country, there have been very few documented cases of voters improperly casting ballots from out of state. 

Separately, four prominent former Georgia government officials have joined an organisation hoping to counter disinformation campaigns aimed at making people distrust the democratic process. 

The Democracy Defense Project's Georgia board comprises two Republicans, Nathan Deal and Saxby Chambliss, and two Democrats, former Governor Roy Barnes and former Atlanta Mayor Shirley Franklin. The Georgia board members are part of a national initiative that aims to raise money for advertisements pushing back against efforts to undermine elections, to move public debate beyond "polarizing rhetoric", and to draw news coverage. 

Registration cancellations have been relatively few to date. Typically, cancelling a voter registration in Georgia requires mailing or emailing a form to the county where the voter previously resided. 

Removing deceased individuals or those convicted of felonies from the rolls can be done relatively swiftly. When people move without cancelling their registration, however, it can take years. The state must first mail those who appear to have moved; if there is no response, they are moved to inactive status. Inactive voters retain the ability to vote, and their registration is not removed unless they also fail to vote in the next two federal general elections. 

Georgia has over 8 million registered voters, about 900,000 of them classified as inactive. Like other states, Georgia allows citizens to challenge an individual's eligibility to vote, for instance when they have personal knowledge that a neighbour has moved out of state. Recently, however, residents have increasingly used impersonal data, such as the U.S. Postal Service's National Change of Address list, to challenge large numbers of voters at once, and some scrutinise the rolls for people registered at non-residential addresses. 

For instance, True the Vote, a Texas group, challenged 364,000 Georgia voters before the two U.S. Senate runoffs in 2021, and roughly 100,000 further challenges have been filed since by various individuals and groups. On the new site, voters or relatives of deceased individuals enter personal information to cancel a registration; the state's computer system then notifies county officials to remove the voter, and counties send verification letters to voters whose registrations have been cancelled.

If personal information is unavailable, the system offers a blank copy of a sworn statement of cancellation. For a brief period after the website was unveiled, however, the system preprinted the voter's name, address, birth date, driver's license number, and the last four digits of their Social Security number on that affidavit. In effect, anyone who knew a voter's name, date of birth, and county could obtain the license number and partial Social Security number, which are what the site otherwise requires to cancel a registration online without sending in the sworn statement. 

Butler said she was "terrified" to discover that such sensitive information could be accessed with just a person's name, date of birth, and county of registration. In a Tuesday statement, Hassinger attributed the temporary error to a scheduled software update and said it was detected and resolved within an hour. 

Although Butler commended the swift action by Raffensperger's office, she, along with other Democrats, argued that this issue highlighted the potential for the site to be exploited by external parties to cancel voter registrations. Democratic Party of Georgia Executive Director Tolulope Kevin Olasanoye emphasized that the portal could be misused by right-wing activists already engaged in mass voter challenges to disenfranchise Georgians. Olasanoye called on Raffensperger to disable the website to prevent further abuse.
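The flaw described above, as an added example that is not the Georgia portal's code: a miniature cancellation lookup in Python that prefills an affidavit from the same three low-entropy facts (last initial, county, date of birth), beside a hardened version. The voter records, names and license numbers are constructed for illustration; the hardened version treats the license number as the only secret a requester must prove, which is an assumption about how such a portal should be designed, not a description of the fixed site.

```python
# Added example, not the Georgia portal's code. Records below are constructed.
from dataclasses import dataclass
import hmac


@dataclass(frozen=True)
class Voter:
    name: str
    county: str
    dob: str         # ISO date
    address: str
    dl_number: str   # driver's license number: the value the site treats as a secret
    ssn_last4: str


# Constructed sample records; names and numbers are made up.
VOTERS = [
    Voter("Jane Doe", "Fulton", "1980-05-01", "1 Example St", "DL1234567", "6789"),
    Voter("John Roe", "Fulton", "1980-05-01", "2 Example Ave", "DL7654321", "4321"),
]

BLANK_AFFIDAVIT = {"name": "", "address": "", "dob": "", "dl_number": "", "ssn_last4": ""}


def lookup(last_initial, county, dob):
    """Lookup keyed only on last initial, county and date of birth: a key with
    so little entropy that it collides with strangers and can be enumerated."""
    return [v for v in VOTERS
            if v.name.split()[-1][0].upper() == last_initial.upper()
            and v.county == county and v.dob == dob]


def affidavit_vulnerable(last_initial, county, dob):
    """The behaviour the page describes: every field, secrets included, is
    printed on the form for whoever supplied the three public facts."""
    return [dict(name=v.name, address=v.address, dob=v.dob,
                 dl_number=v.dl_number, ssn_last4=v.ssn_last4)
            for v in lookup(last_initial, county, dob)]


def affidavit_hardened(last_initial, county, dob, claimed_dl=""):
    """Confirm a record only when the requester proves possession of the
    license number, compared in constant time; otherwise return a blank form.
    The blank form is identical whether no record exists or the license number
    is wrong, so the endpoint cannot be used to enumerate voters, and the
    partial SSN is never echoed because the form never needed to show it."""
    for v in lookup(last_initial, county, dob):
        if claimed_dl and hmac.compare_digest(v.dl_number, claimed_dl):
            return dict(name=v.name, address=v.address, dob=v.dob,
                        dl_number=claimed_dl, ssn_last4="")
    return dict(BLANK_AFFIDAVIT)


if __name__ == "__main__":
    print(affidavit_vulnerable("D", "Fulton", "1980-05-01"))
    print(affidavit_hardened("D", "Fulton", "1980-05-01"))
    print(affidavit_hardened("D", "Fulton", "1980-05-01", "DL1234567"))
```

The design point is that a prefilled form is a data-disclosure endpoint whatever its label: the server should only ever echo back values the client already supplied, and a lookup keyed on public facts should return the same response for "no match" and "wrong secret" so the form cannot be walked to harvest voters. Rate limiting per source and per county would be the next layer, but it does not remove the need for the rule above.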

Leak of Greek Diaspora Emails Shakes Government: A Closer Look


The recent leak of Greek diaspora emails has sent shockwaves through the conservative government of Prime Minister Kyriakos Mitsotakis. The scandal, which unfolded in March 2024, has raised questions about privacy, data protection, and political accountability. Let’s delve into the details.

The Email Barrage and Its Fallout

What Happened? A New Democracy Member of the European Parliament (MEP) bombarded voters abroad with emails within minutes of their being notified that they could vote by mail.

Resignation: Interior Ministry General Secretary Michalis Stavrianoudakis stepped down.

Dismissal: Nikos Theodoropoulos, New Democracy’s Secretary for Diaspora Affairs, was dismissed.

Withdrawal: MEP Anna-Michelle Asimakopoulou announced she would not contest in the upcoming June election.

The Investigation

An internal probe revealed that in May 2023, a list of email addresses was allegedly acquired by an associate of Stavrianoudakis and forwarded to Theodoropoulos. The list eventually reached Asimakopoulou.

Asimakopoulou had previously denied any wrongdoing, saying she had collected the contact details during her tenure as an MEP and had sought consent from Greeks abroad to communicate with them regularly.

Legal Action: Grigoris Dimitriadis, Prime Minister Mitsotakis’ nephew, initiated legal proceedings related to the scandal.

Further Actions: The Athens Prosecutor’s Office and the country’s Data Protection Authority (DPA) are actively involved in addressing the case.

European Parliament Elections: The upcoming European Parliament elections in June serve as a barometer of party strength in various countries.

Privacy, Accountability, and Political Fallout

The leak has ignited a fierce debate on several fronts:

Privacy Concerns: The unauthorized use of email addresses underscores the need for robust data protection measures. Citizens rightly expect their personal information to be handled responsibly.

Political Accountability: Asimakopoulou’s withdrawal from the European ballot reflects the gravity of the situation. The scandal has implications beyond party lines, affecting public trust in politicians.

Mitsotakis’ Leadership: The Prime Minister’s handling of the crisis is under scrutiny. How he navigates this scandal will shape his political legacy.

What can we learn from this?

The leak of Greek diaspora emails serves as a stark reminder that even in the digital age, privacy breaches can have far-reaching consequences. As investigations continue, the fallout from this scandal will reverberate through Greek politics, leaving citizens questioning the integrity of their elected representatives.

Blockchain's Role in Reinventing ATM Security: A Game-Changer in Banking

 


A blockchain is a data structure whose integrity is protected by cryptography. It rests on three principles: cryptographic hashing, decentralisation, and a consensus mechanism that lets participants who do not trust one another agree on which transactions are valid. 

Data is organised into a series of blocks, each holding a transaction or a bundle of transactions; this is the most common form of blockchain or distributed ledger technology (DLT). Each new block carries a hash of the block before it, so the blocks form a cryptographic chain in which altering any historical block changes its hash and breaks the link to every block after it. The chain is therefore tamper-evident rather than tamper-proof: a party that controls a copy can rewrite a block and recompute all later hashes, which is why the ledger is also replicated across many participants. 

A consensus mechanism is used to verify and agree upon the validity of the transactions in each block before it is appended. In modern banking, technology of this kind plays a crucial part in keeping money safe and secure. 
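A worked example of the chaining and verification just described, added here and not taken from the original post: a minimal hash-linked ledger in Python. The transactions are constructed, and the block layout and helper names are this example's own. It shows the point the prose only states: altering a block breaks verification, but a party who controls the whole copy can recompute every later hash and pass verification again, which is why integrity rests on replication and consensus as well as on hashing.

```python
# Added example, not from the original post. Transactions are constructed.
import hashlib
import json
from dataclasses import dataclass, field


@dataclass
class Block:
    index: int
    prev_hash: str
    transactions: list          # each transaction is a plain dict
    hash: str = field(default="")

    def compute_hash(self) -> str:
        # Hash the block's own contents together with the previous block's hash.
        payload = json.dumps(
            {"index": self.index, "prev": self.prev_hash, "txs": self.transactions},
            sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(payload.encode()).hexdigest()


def build_chain(batches):
    """Start from a genesis block and link every new block to its predecessor."""
    chain = [Block(0, "0" * 64, [])]
    chain[0].hash = chain[0].compute_hash()
    for txs in batches:
        blk = Block(len(chain), chain[-1].hash, list(txs))
        blk.hash = blk.compute_hash()
        chain.append(blk)
    return chain


def verify_chain(chain) -> bool:
    """Every stored hash must match the recomputed one, and every block's
    prev_hash must equal the hash of the block before it."""
    for i, blk in enumerate(chain):
        if blk.hash != blk.compute_hash():
            return False
        if i > 0 and blk.prev_hash != chain[i - 1].hash:
            return False
    return True


def tamper(chain, index, new_txs):
    """Edit a historical block without touching anything else."""
    chain[index].transactions = list(new_txs)


def rewrite_from(chain, index):
    """What a single party who controls the copy can do: recompute every hash
    from the edited block onward so the chain verifies again. Hashing alone
    does not prevent this; it only makes the rewrite detectable by anyone who
    holds an independent copy, and consensus is what makes it expensive."""
    for i in range(index, len(chain)):
        if i > 0:
            chain[i].prev_hash = chain[i - 1].hash
        chain[i].hash = chain[i].compute_hash()


# Constructed sample transactions.
SAMPLE_BATCHES = [
    [{"from": "alice", "to": "bob", "amount": 5}],
    [{"from": "bob", "to": "carol", "amount": 2}],
    [{"from": "carol", "to": "alice", "amount": 1}],
]


def demo():
    chain = build_chain(SAMPLE_BATCHES)
    ok_before = verify_chain(chain)
    tamper(chain, 1, [{"from": "bob", "to": "mallory", "amount": 2}])
    ok_after_tamper = verify_chain(chain)
    rewrite_from(chain, 1)
    ok_after_rewrite = verify_chain(chain)
    return ok_before, ok_after_tamper, ok_after_rewrite


if __name__ == "__main__":
    print(demo())
```

The third value returned by `demo()` is the one to notice: after the rewrite the chain verifies locally, and only a comparison against an honest replica (the last block's hash no longer matches) reveals the change. Replication plus a consensus rule is what turns "detectable" into "impractical".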

Blockchain is one of several breakthrough technologies in play today. India's digital payments market was projected to reach US$500 billion by 2020, and its growth has stayed on a steady track. 

The rise in online payments across the country can be attributed to several factors, including demonetisation and government efforts to encourage mobile-based transactions. With an increasing number of Indians opting for digital cash and more payment methods evolving to support digital transactions, the move to a truly digital economy seems only a matter of time. 

One current challenge with online payments in the country, however, is standardising the structure and functionality of the payment system. A blockchain is like a large shared ledger: every transaction is recorded in an append-only, hash-linked log that participants can query in real time. The ledger itself is usually not encrypted; its protection comes from hashing, digital signatures, and replication rather than secrecy. 

With blockchain technology, users can send and receive funds and manage their accounts online with no middleman. It is a promising form of decentralisation that allows members of a distributed network to contribute to maintaining the shared record.

Unlike a conventional server-based system, no individual user can unilaterally change the record of transactions, and there is no single point of failure. The security properties of blockchain systems nonetheless differ from those of traditional systems in important ways. An Automated Teller Machine (ATM) is an electronic outlet through which financial institutions let customers carry out small transactions without interacting directly with bank staff. 

With ATMs, customers can carry out many of their banking transactions easily by performing self-service transactions such as depositing cash into their accounts, withdrawing cash from them, paying their bills, transferring funds between their accounts, and checking their account balance and latest transactions. 

As with most technological advances, the security of newly introduced technology may be the largest challenge. Secondly, and perhaps most importantly, because ATMs handle cash, both hackers and robbers are constantly looking for ways to exploit them. 

ATMs are typically connected to the bank's servers via leased lines, which provide reliable high-speed connectivity. The bank normally buys the machine from an ATM manufacturer such as NCR (National Cash Register), which supplies the hardware and is often contracted to supply the software as well. 

It has become common for banks to outsource ATM maintenance, including cash loading, to third-party service providers. 

To let the ATM software reach the interbank network and dispense cash accordingly, the ATM communicates with a switch, also known as a payment transfer engine, which routes transactions and transfers money between accounts. ATMs are frequently targeted by the two most common classes of attack: physical and logical. 

Physical attacks carry serious risks for the attacker, including financial loss and danger to life, property, and health, which is why many regard them as an outdated practice. They take various forms, including the use of explosives, ripping the machine from its mounting, or otherwise forcibly removing it from its location. 

With advances in scalability, privacy, and regulatory compliance, the outlook for blockchain-based ATM security looks promising, and broader adoption of the technology is expected. 

As quantum-resistant cryptography matures and interoperability features are introduced, blockchain technology is expected to offer stronger protection, helping to improve the robustness and safety of the financial industry as a whole. 

Given these innovations, it is increasingly important for the financial industry to adopt blockchain technology to keep pace. Integrating blockchain into ATM security and broader financial services can make ATMs more secure while improving efficiency, transparency, and the user experience. 

Financial institutions that integrate blockchain technology can stand out from the competition and contribute to a more secure, transparent, and efficient system, and to a more trust-driven future in banking and beyond.

Contemplating Import Restrictions for PCs and Laptops to Secure Digital Infrastructure

 


Governments often introduce new policies hurriedly, and the recent licensing requirement for imports of all-in-one personal computers (PCs), laptops, tablets, and servers was no exception; because of the haste with which it was introduced, its start was pushed back three months to 1 November. 

It is a compelling proposition for the Indian government to pursue the goal of becoming an Atmanirbhar Bharat or an independent nation in the information technological (IT) hardware space, which is logical and appealing to the Indian people for numerous reasons. 

The government's decision to curb imports of laptops, tablets, and PCs, together with the Rs 17,000 crore production-linked incentive (PLI) scheme for IT hardware, is expected to let local factories produce devices worth more than a billion dollars, considerably reducing import dependency over the next two to three years. 

The amended rules make it mandatory for importers of laptops, tablets, and certain other computers to obtain a valid licence, a requirement that was to take effect within seven days. The stated grounds are national security and the encouragement of domestic manufacturing. 

A day after mandating the new licensing regime for laptops, tablets, and personal computers, the government decided on Friday to give businesses a "transition period" to adjust to the changes, amid fears that the curbs could tighten supply and raise prices. 

The government has stated that the policy's purpose is to protect the security interests of the country and its citizens. Rajeev Chandrasekhar, Minister of State for Information Technology & Electronics, said a notification on the relaxation of the norms would be released as soon as possible. 

According to sources, India can manufacture enough laptops, tablets, all-in-one computers, ultra-small computers, and servers that the requirement to obtain permission to import these items is unlikely to hurt domestic availability. 

A government source told The Indian Express that the government is committed to establishing an internet in India that is open, safe, trustworthy, and accountable to all its users. As Internet penetration grows and more Indians go online, citizens also become more exposed to user harm and criminality. 

The reports further state that IT hardware can contain security loopholes that expose sensitive personal data to cyber criminals and endanger enterprises and governments; secure hardware is the foundation on which a secure network is built. 

OEL has been approved to manufacture IT hardware under the old production-linked incentive scheme and is expected to apply under PLI 2.0, whose application window closes on August 30. A total of 44 companies have registered for the PLI 2.0 scheme in India, and two global companies have submitted applications to make IT hardware devices in the country. 

Last month, the US-based technology company HPE signed a 10-year agreement with VVDN Technologies under which the two companies plan to produce high-end servers worth USD 1 billion over the next four to five years. Tarun Pathak, Research Director at Counterpoint Research, put the annual market for laptops and PCs in India at close to $8 billion. 

He said the majority of units, about 65 percent, are imported. Hari Om Rai, co-founder, Chairman, and Managing Director of Lava International, said the government had done a good job by allowing imports only under a valid licence, and that supply chain disruptions had been averted as a result. 

As a result, companies will not have to worry about "ease of doing business" issues and can continue to offer the same products at the same price to their customers. According to Canalys, the Indian PC market (desktops, notebooks, and tablets) declined 35 percent in the third quarter of 2023, with 3.9 million units shipped during the quarter. 

After a muted 2023, Canalys expects the Indian PC market to rebound strongly, with 11 percent growth in 2024 and 13 percent growth in 2025, and predicts that device sales will exceed 1 billion units in 2025. Vinod Sharma, Chairman of the CII National Committee for Electronics and MD of Deki Electronics, noted that the IT Hardware PLI provides incentives for locally manufactured components. 

This decision will boost the domestic component ecosystem. Before the Directorate General of Foreign Trade issued its notification on August 3, companies could import laptops without restriction. The notification exempts laptops, tablets, all-in-one computers, and ultra-small form factor computers brought in under the baggage allowance, and also exempts up to 20 IT devices per consignment. 

Those devices are exempted for research and development, testing, benchmarking, evaluation, repair, and product development purposes. Re-import of goods repaired abroad, and of devices that are essential parts of a capital good, is also exempt. To create economies of scale for IT hardware in India, the government notified PLI scheme 2.0 in May this year, which is ultimately expected to lower the price of IT hardware since India has sufficient capacity to manufacture it. 

The scheme is intended to boost domestic manufacturing and create economies of scale. As of July 31, 44 companies had registered under the PLI 2.0 IT Hardware Scheme, and applications could be submitted until the end of August 2023. In the longer run, IT hardware OEMs and EMS players may have to recalculate their production plans, since the non-tariff barrier threatens to cut imports by 93 percent within four years. 

Based on the information, all big IT hardware companies, except Apple, have participated directly or through their EMS companies in the PLI 2.0 for IT Hardware scheme. These companies include Dell, HP, HPE, Lenovo, ASUS, ACER, Intel, and other local brands. As part of the "Make in India" initiative, the government is encouraging the local manufacture of goods and discouraging imports.

From April to June of this year, India imported $19.7 billion worth of electronics, including laptops, tablets, and personal computers, up 6.25% from a year earlier. Imports of personal computers, including laptops, were $5.33 billion in 2022-23, up from $5.10 billion the year before.

Laptops, PCs, and similar items are generally not subject to customs duty when they enter India: under the 1997 Information Technology Agreement (ITA), India committed to levy no duty on computers and many other IT-related products.

Android Phone Hacked by 'Daam' Virus, Government Warns



The central government has announced that 'Daam' malware is infecting Android devices and has issued an advisory about it. CERT-In, the national cyber security agency of the Indian government, released the advisory to inform the public that the virus can give hackers access to a device's calls, contacts, browsing history, and camera.

According to the Indian Computer Emergency Response Team (CERT-In), which provided the information, the virus is especially dangerous because it can bypass anti-virus programs and deploy ransomware on targeted devices. 

According to the Federal Bureau of Investigation, as quoted by the PTI news agency, the Android botnet is distributed primarily through third-party websites or apps downloaded from untrusted or unknown sources. 

The malware encrypts the files on the victim's device using the AES (Advanced Encryption Standard) algorithm. According to the advisory, the original files are then deleted from local storage, leaving only the encrypted files with the ".enc" extension and a readme file, "readme_now.txt", that contains the ransom note. 
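The two on-disk traces the advisory names (a ".enc" extension on the encrypted files and a "readme_now.txt" ransom note) are enough for a simple defensive sweep. The following is an added example, not CERT-In's tooling or anything from the advisory: it walks a directory tree and reports encrypted files and ransom notes, treating a directory that holds both as the strong signal, because a ".enc" suffix on its own is also used by legitimate tools. The sample folder layout it builds is constructed for the demonstration.

```python
"""Sweep a directory tree for the on-disk artifacts CERT-In attributes to Daam.

Added defensive example (not from the advisory). The sample tree built by
build_sample_tree() is constructed purely to exercise the scanner.
"""
import os
import tempfile
from dataclasses import dataclass, field
from typing import List

ENCRYPTED_EXT = ".enc"          # extension left on encrypted files
RANSOM_NOTE = "readme_now.txt"  # ransom note file name from the advisory


@dataclass
class ScanResult:
    encrypted_files: List[str] = field(default_factory=list)
    ransom_notes: List[str] = field(default_factory=list)
    # Directories containing both a note and .enc files: the strongest signal.
    hot_dirs: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.hot_dirs)


def scan_for_artifacts(root: str) -> ScanResult:
    """Walk `root` and collect encrypted files, ransom notes and hot directories."""
    result = ScanResult()
    for dirpath, _dirnames, filenames in os.walk(root):
        enc_here = [os.path.join(dirpath, f) for f in filenames
                    if f.lower().endswith(ENCRYPTED_EXT)]
        notes_here = [os.path.join(dirpath, f) for f in filenames
                      if f.lower() == RANSOM_NOTE]
        result.encrypted_files.extend(enc_here)
        result.ransom_notes.extend(notes_here)
        if enc_here and notes_here:
            result.hot_dirs.append(dirpath)
    return result


def build_sample_tree(base: str, infected: bool = True) -> str:
    """Constructed sample: a media folder (optionally 'encrypted') and a clean one."""
    media = os.path.join(base, "sdcard", "DCIM")
    music = os.path.join(base, "sdcard", "Music")
    os.makedirs(media)
    os.makedirs(music)
    with open(os.path.join(music, "track.mp3"), "wb") as fh:
        fh.write(b"ID3")  # placeholder, not a real file
    if infected:
        for name in ("IMG_001.jpg.enc", "IMG_002.jpg.enc"):
            with open(os.path.join(media, name), "wb") as fh:
                fh.write(b"\x00" * 16)  # placeholder ciphertext
        with open(os.path.join(media, RANSOM_NOTE), "w") as fh:
            fh.write("constructed ransom note text\n")
    else:
        with open(os.path.join(media, "IMG_001.jpg"), "wb") as fh:
            fh.write(b"\xff\xd8")  # placeholder JPEG header
    return base


def demo(infected: bool = True) -> ScanResult:
    """Build the sample tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_for_artifacts(build_sample_tree(tmp, infected))


if __name__ == "__main__":
    r = demo()
    print("suspicious:", r.suspicious)
    for d in r.hot_dirs:
        print("encrypted files beside a ransom note in", d)
```

Run it against a mounted device image or a backup directory instead of the constructed tree; the hot-directory rule keeps a stray ".enc" file from a legitimate encryption tool from being reported as ransomware.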

To prevent attacks by such viruses and malware, the central agency has suggested several do's and don'ts. 

CERT-In recommends avoiding "untrusted websites" and not clicking "untrusted links". It also advises caution when clicking on links contained in unsolicited emails and SMS messages, and specifically recommends updating anti-virus and anti-spyware software regularly and keeping it up to date.

Once installed, the malware tries to bypass the device's security checks. If it succeeds, it attempts to steal sensitive user data, obtaining permissions to read browsing history and bookmarks, kill background processes, and read call logs. 

"Daam" is also capable of hijacking phone calls and contacts, capturing images and videos from the camera, changing device passwords, taking screenshots, stealing text messages, and downloading and uploading files. 

The report also notes that in a genuine SMS message from a bank, the Sender ID field typically shows the bank's abbreviation rather than a phone number. 

Users were also cautioned to be wary of shortened URLs (Uniform Resource Locators), such as those produced by services like bitly and tinyurl (links beginning with "http://bit.ly/" or "tinyurl.com/"), because they hide the address of the site they actually point to. 

To see the full domain of the website they are about to visit, users are advised to hover over the shortened URL. The advisory also suggests using a URL checker, which lets them enter a shortened URL and view the complete URL it resolves to. 

This is being viewed as a serious warning by the government to Android phone users throughout the world to remain vigilant and to take all necessary precautions to protect their mobile devices.

The Central Government strives to educate citizens about "Daam" malware, as well as its potential impacts, so citizens can take proactive measures to protect their Android devices and stay safe from cyber threats in the ever-evolving environment we live in today.

Info-stealer Ransomware hit Government Organisations



Threat actors have targeted government entities with the PureCrypter malware downloader, which is used to deliver several information stealers and ransomware variants to targeted entities.  

According to research by Menlo Security, the threat actor hosted the initial payload of this attack on Discord and compromised a non-profit organization's server to host additional payloads for the campaign. 

Several different types of malware were delivered via the campaign, including Redline Stealer, Agent Tesla, Eternity, Black Moon, and Philadelphia Ransomware, researchers said in a statement. 

Several government organizations in the Asia Pacific (APAC) and North American regions have been targeted by the PureCrypter campaign, according to the researchers. 

Steps Involved in an Attack 

Firstly, the attacker sends an email with a Discord app link pointing to a password-protected ZIP archive containing a PureCrypter sample, which is then used to launch the attack. 

PureCrypter first appeared in the wild as a .NET malware downloader around March 2021. Its operator uses it to distribute various types of malware on behalf of other cybercriminals. 

The file carries no payload of its own; when executed, it fetches the next-stage payload from the compromised server of the non-profit organization, which in this case serves as the campaign's command and control server.  

Researchers from Menlo Security examined Agent Tesla as the sample in their study. As soon as it is launched, the Trojan connects to a Pakistan-based FTP server, which receives all of the stolen information. 

The researchers discovered that the threat actor did not set up this FTP server themselves but took control of it using credentials leaked in a breach. This reduced the risk of identification and minimized traceability. 

The Use of Agent Tesla Continues 

Cybercriminals use a malware family called Agent Tesla in their efforts to compromise Windows systems. In October 2020 and January 2021, it reached its peak in terms of usage. 

In a recent report released by Cofense, the company highlights the fact that Agent Tesla remains one of the most cost-effective and highly-capable backdoors in the market, and it has undergone continuous improvements and development during its lifespan.

Agent Tesla accounted for roughly one-third of all keylogger reports recorded by Cofense Intelligence in 2022, which reflects how heavily it is used for keylogging. 

The malware has the following capabilities: 

  • Record all of the victim's keystrokes to gather sensitive information such as passwords. 
  • Steal saved passwords from web browsers, email clients, and file transfer applications. 
  • Take screenshots of the desktop to capture confidential information as the victim works. 
  • Read the clipboard to obtain user names, passwords, and credit card numbers. 
  • Send the stolen data to the C2 server over FTP, SMTP, or other channels.

A feature of the attacks examined by Menlo Labs was that the threat actors evaded antivirus tools by injecting the Agent Tesla payload into a legitimate process ("cvtres.exe") using process hollowing. 

Agent Tesla's communications with the C2 server, as well as its configuration files, are also XOR-encrypted to hide them from network traffic monitoring tools. 
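XOR obfuscation of the kind described above hides strings from a quick grep, but when the key is a single byte an analyst can recover it from the blob alone by trying all 256 keys and scoring the candidates. The following is an added analyst-side example, not Menlo Security's or Cofense's tooling and not Agent Tesla's own routine: the sample "config" (a made-up FTP host, user and password) and the key 0xAB are constructed for the demonstration, and the scoring heuristic assumes the plaintext is mostly lowercase ASCII, which is true of hostnames and protocol keywords but must be revisited for binary or multi-byte-keyed data.

```python
"""Recover a single-byte XOR key from an obfuscated config/C2 blob.

Added analyst example, not from Menlo Security, Cofense or the malware itself.
The sample plaintext and key below are constructed for the demonstration.
"""
from typing import Optional, Tuple

# Constructed sample: a fake FTP exfiltration config, XORed with key 0xAB.
SAMPLE_KEY = 0xAB
SAMPLE_PLAINTEXT = (b"host=ftp.example.invalid port=21 "
                    b"user=quickbrownfox pass=jumpsoverlazydog")
SAMPLE_BLOB = bytes(b ^ SAMPLE_KEY for b in SAMPLE_PLAINTEXT)


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a single-byte key; XOR is its own inverse."""
    return bytes(b ^ key for b in data)


def letter_score(data: bytes) -> int:
    """Heuristic: config strings are mostly lowercase hostnames, user names and
    protocol keywords, so count the bytes that fall in a-z."""
    return sum(1 for b in data if 0x61 <= b <= 0x7A)


def recover_single_byte_key(blob: bytes) -> Optional[Tuple[int, bytes]]:
    """Try all 256 keys and return (key, plaintext) for the best-scoring one.

    Returns None when no key turns at least half of the bytes into lowercase
    letters, which signals that the blob is not single-byte-XOR'd text (for
    example a repeating multi-byte key, which needs a per-position variant).
    """
    if not blob:
        return None
    best_key, best_score = 0, -1
    for key in range(256):
        score = letter_score(xor_bytes(blob, key))
        if score > best_score:          # first strict maximum wins
            best_key, best_score = key, score
    if best_score * 2 < len(blob):
        return None
    return best_key, xor_bytes(blob, best_key)


if __name__ == "__main__":
    found = recover_single_byte_key(SAMPLE_BLOB)
    if found is None:
        print("no single-byte key fits")
    else:
        key, plain = found
        print(f"key=0x{key:02X} plaintext={plain!r}")
```

On a real sample, the recovered strings (FTP host, user name, mailbox) are what you feed into blocklists and egress monitoring; the "None" result is deliberate, so that a blob using a longer key is reported as such rather than decoded into garbage.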

According to Menlo Security, the threat actor behind PureCrypter is not one of the big players in the threat landscape. Nevertheless, it is worth taking note of its activities to determine whether or not it is targeting government agencies. 

As a result, it would be expected that the attacker would continue to use the compromised infrastructure for as long as possible before seeking out a new one. 

Britain Government With Robust Crypto Regulation

Britain's finance ministry has come forward with robust regulations for crypto assets, following the collapse of the crypto exchange FTX last year, in which millions of people lost billions of dollars. 
However, regulating crypto assets could produce a one-size-fits-all approach that might hinder innovation.

The Treasury published a consultation document today to bring cryptocurrency-related activities under the regime governing traditional financial services. 

The ministers said that the new regulations will "mitigate the most significant risks of crypto assets while harnessing their advantages". As per the data from ministers, up to 10% of UK adults now own some form of crypto. 

The government plans to apply existing rules and regulations to the industry rather than create a whole new regime. The Treasury said this would allow crypto to benefit from the "confidence, credibility and regulatory clarity" of the existing system for financial services, as set out in the UK's Financial Services and Markets Act 2000 (FSMA). 

Economic Secretary Andrew Griffith reported that the government remained "steadfast in our commitment to grow the economy and enable technological change and innovation - and this includes crypto-asset technology. But we must also protect consumers who are embracing this new technology - ensuring robust, transparent, and fair standards". 

The Treasury Department proposed in its consultation document the following: 

1. It will make laws and regulations on crypto-asset promotions which will be fair, clear, and not misleading. 

2. It will also enhance data-reporting requirements, including with regulators. 

3. Furthermore, it will implement new laws to stop so-called "pump and dump" (or "lie and sell high") schemes, in which an individual artificially inflates the value of a crypto asset before selling it. 

Conservative MP Harriett Baldwin, who chairs the Treasury Committee, said: "truly Wild West behavior, valuable technological innovation happening that could benefit the UK economy. We are paying close attention to these plans and to the regulators' plans because we would not want our constituents to think cryptocurrencies are any less risky if they are regulated."